漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. By sending a specially crafted 'stock-symbol' parameter to the portofolio() endpoint, it is possible to trigger an SQL injection in the application. As a result, the attacker will be able the user data or manipulate the software behavior.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Stock-Forecaster SQL注入漏洞
Vulnerability Description
Stock-Forecaster是一个基于人工智能的股票预测工具,旨在帮助投资者和交易者做出更明智的决策。 Stock-Forecaster 01-04-2020版本存在SQL注入漏洞,该漏洞源于portofolio接口的stock-symbol参数未过滤输入,导致SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A